The
National Cyber Awareness System (US-CERT) has just issued a warning about
a critical vulnerability in Lenovo consumer personal computers.
US-CERT
issued the alert on Friday morning (Feb. 20, 2015), saying the Lenovo
PCs using pre-installed Superfish Visual Discovery software have been
found to contain a “critical vulnerability through a compromised
root CA certificate.”
Exploitation
of this vulnerability could allow a remote attacker to read all
encrypted web browser traffic (HTTPS), successfully impersonate
(spoof) any website, or “perform other attacks on the affected
system,” the government warned.
“US-CERT
recommends users and administrators review Vulnerability Note
VU#529496 and US-CERT Alert TA15-051A for additional information and
mitigation details,” the warning added.
\
No comments:
Post a Comment